Error while creating SSL Certificate

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
explosivemenu.com

I ran this command:
certbot --apache -d explosivemenu.com

It produced this output:
Failed authorization procedure. explosivemenu.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://explosivemenu.com/.well-known/acme-challenge/PkL0jeCMp7A5R68s83rrWH3i443RIdP6UIZf3CxJ1Ug [185.101.93.11]: "\n<meta http-equiv=“refresh” content=“1” /><meta http-equiv=“cache-control” content=“max-age=0” /><meta http-equiv=“c”

IMPORTANT NOTES:

My web server is (include version):
Apache 2.4

The operating system my web server runs on is (include version):
Debian9

My hosting provider, if applicable, is:
Mc-Hosting24.de

I can login to a root shell on my machine (yes or no, or I don’t know):
yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
certbot 0.28.0

Uhm, btw, I can speak German, so if it would be better, we can talk in German. :smiley:

Hi @VentoxProjects

Checking your domain, you see the problem - https://check-your-website.server-daten.de/?q=explosivemenu.com

Domainname Http-Status redirect Sec. G
http://explosivemenu.com/
185.101.93.11 200 0.043 H
small content:
https://explosivemenu.com/
185.101.93.11 -10 0.686 P
SecureChannelFailure - The request was aborted: Could not create SSL/TLS secure channel.
http://explosivemenu.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
185.101.93.11 200 0.040
Visible Content:
Info: Html-Content with meta and/or script, may be a problem creating a Letsencrypt certificate using http-01 validation

Content:

<html> <head><meta http-equiv="refresh" content="1" /><meta http-equiv="cache-control" content="max-age=0" /><meta http-equiv="cache-control" content="no-cache" /><meta http-equiv="expires" content="-1" /><meta http-equiv="expires" content="Tue, 01 Jan 1980 1:00:00 GMT" /><meta http-equiv="pragma" content="no-cache" /></head> <script type="text/javascript"> function getCookie(w){ cName = ""; pCOOKIES = new Array(); pCOOKIES = document.cookie.split('; '); for(bb = 0; bb < pCOOKIES.length; bb++){ NmeVal = new Array(); NmeVal = pCOOKIES[bb].split('='); if(NmeVal[0] == w){ cName = unescape(NmeVal[1]); } } return cName; } function printCookies(w){ cStr = ""; pCOOKIES = new Array(); pCOOKIES = document.cookie.split('; '); for(bb = 0; bb < pCOOKIES.length; bb++){ NmeVal = new Array(); NmeVal = pCOOKIES[bb].split('='); if(NmeVal[0]){ cStr += NmeVal[0] + '=' + unescape(NmeVal[1]) + '; '; } } return cStr; } function setCookie(name, value, expires, path, domain, secure){ var vlad = name + "=" + escape(value); if(expires){ expires = setExpiration(expires); vlad += ";expires=" + expires; } if(path){ vlad += ";path=" + path; } if(domain){ vlad += ";domain=" + domain; } if(secure){ vlad += ';secure'; } document.cookie = vlad; } function setExpiration(cookieLife){ var today = new Date(); var expr = new Date(today.getTime() + cookieLife * 24 * 60 * 60 * 1000); return expr.toGMTString(); } function delete_cookie(name){ document.cookie = name +'=; Path=/; Expires=Thu, 01 Jan 1970 00:00:01 GMT;'; } </script> <script type="text/javascript"> delete_cookie('fb620561f4f8b25819e9b3c4fad75f85'); setCookie('fb620561f4f8b25819e9b3c4fad75f85', 'Yes', '3', '/', '300', ''); </script> <body> </body> </html>

If you use http-validation, Certbot creates a file in /.well-known/acme-challenge, Letsencrypt checks that file.

But there is content with a JavaScript. Looks like a bot detection, so Cookies are required.

Perhaps your hoster has installed that script. Or this is your script.

If you can't remove it -> you can't use http-01 validation.
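The check described in the reply above, as an added example that is not part of the original posts and is not Certbot's or the check tool's code: it classifies the body a validator would receive at the challenge URL, telling a plain key authorization apart from a cookie/refresh interstitial like the one quoted. The function name `diagnose_http01` and the thumbprint value are assumptions constructed for illustration; the token is the one from the error output.

```python
import re

# An http-01 response body must be the key authorization:
# token "." base64url(SHA-256 account key thumbprint), i.e. 43 characters.
B64URL = r"[A-Za-z0-9_-]"
KEY_AUTH_RE = re.compile(rf"^({B64URL}+)\.({B64URL}{{43}})$")
HTML_MARKERS = ("<html", "<meta", "<script", "<body")


def diagnose_http01(token, status, body):
    """Classify the response seen at /.well-known/acme-challenge/<token>."""
    if 300 <= status < 400:
        return "redirect"          # the validator follows it; check the target
    if status != 200:
        return f"http-{status}"
    text = body.rstrip()           # trailing whitespace is tolerated
    match = KEY_AUTH_RE.match(text)
    if match:
        return "ok" if match.group(1) == token else "wrong-token"
    lowered = text.lower()
    if any(marker in lowered for marker in HTML_MARKERS):
        # A meta refresh or cookie-setting script means a browser check
        # sits in front of the site; the validator cannot pass it.
        if 'http-equiv="refresh"' in lowered or "document.cookie" in lowered:
            return "interstitial"
        return "html"
    return "unexpected-body"


# Token taken from the error output; thumbprint is a constructed placeholder.
TOKEN = "PkL0jeCMp7A5R68s83rrWH3i443RIdP6UIZf3CxJ1Ug"
GOOD_BODY = TOKEN + "." + "A" * 43 + "\n"
# Constructed sample, abbreviated from the response quoted in the thread.
INTERSTITIAL_BODY = (
    '\n<html> <head><meta http-equiv="refresh" content="1" /></head> '
    '<script type="text/javascript"> document.cookie = "x=Yes"; </script> '
    "<body> </body> </html>"
)

if __name__ == "__main__":
    for label, status, body in [
        ("expected", 200, GOOD_BODY),
        ("blocked", 200, INTERSTITIAL_BODY),
        ("missing", 404, "Not Found"),
    ]:
        print(label, "->", diagnose_http01(TOKEN, status, body))
```
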

Means that I can’t do anything against it? Could you help me to remove it?

Log File:
Traceback (most recent call last):
File “/usr/bin/certbot”, line 11, in
load_entry_point(‘certbot==0.28.0’, ‘console_scripts’, ‘certbot’)()
File “/usr/lib/python3/dist-packages/certbot/main.py”, line 1340, in main
return config.func(config, plugins)
File “/usr/lib/python3/dist-packages/certbot/main.py”, line 1094, in run
certname, lineage)
File “/usr/lib/python3/dist-packages/certbot/main.py”, line 121, in _get_and_save_cert
lineage = le_client.obtain_and_enroll_certificate(domains, certname)
File “/usr/lib/python3/dist-packages/certbot/client.py”, line 392, in obtain_and_enroll_certificate
cert, chain, key, _ = self.obtain_certificate(domains)
File “/usr/lib/python3/dist-packages/certbot/client.py”, line 335, in obtain_certificate
orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
File “/usr/lib/python3/dist-packages/certbot/client.py”, line 371, in _get_order_and_authorizations
authzr = self.auth_handler.handle_authorizations(orderr, best_effort)
File “/usr/lib/python3/dist-packages/certbot/auth_handler.py”, line 82, in handle_authorizations
self._respond(aauthzrs, resp, best_effort)
File “/usr/lib/python3/dist-packages/certbot/auth_handler.py”, line 161, in _respond
self._poll_challenges(aauthzrs, chall_update, best_effort)
File “/usr/lib/python3/dist-packages/certbot/auth_handler.py”, line 232, in _poll_challenges
raise errors.FailedChallenges(all_failed_achalls)
certbot.errors.FailedChallenges: Failed authorization procedure. explosivemenu.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://explosivemenu.com/.well-known/acme-challenge/BZMTtpLsOiSl-t1CmWgooN2t-kJmQdEyeAshjSIFNVI [185.101.93.11]: "\n<meta http-equiv=“refresh” content=“1” /><meta http-equiv=“cache-control” content=“max-age=0” /><meta http-equiv=“c”

If you have root access, why is there such a script?

https://mc-host24.de/

That’s

https://mc-host24.de/rootserver-mieten

not a real root server. Looks like a virtual machine. So your hoster is able to add own scripts -> ask your hoster.

PS: You can use dns-validation. But I don’t know if you are able to install an own certificate.

No, Mc-Host is the domain host.

I have a VPS at another hoster.

VPS host: myVirtualserver

First I rechecked the URL manually: there was a redirect to https, then the expected result, http status 404 - Not Found.

Then rechecked - now it works - https://check-your-website.server-daten.de/?q=explosivemenu.com

Domainname Http-Status redirect Sec. G
http://explosivemenu.com/
185.223.31.61 301 https://explosivemenu.com/ 0.037 A
https://explosivemenu.com/
185.223.31.61 200 3.477 B
http://explosivemenu.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
185.223.31.61 301 https://explosivemenu.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 0.040 A
Visible Content: Moved Permanently The document has moved here . Apache/2.4.25 (Debian) Server at explosivemenu.com Port 80
https://explosivemenu.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 404 3.114 A
Not Found
Visible Content: Not Found The requested URL /.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de was not found on this server. Apache/2.4.25 (Debian) Server at explosivemenu.com Port 443

And there is a new Letsencrypt certificate

CN=explosivemenu.com
	24.08.2019
	22.11.2019
expires in 90 days	explosivemenu.com - 1 entry

Now it looks good, the blocking script is removed.
